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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )[3 Responsive to communication(s) filed on 11 December 2001 . 
2a)D This action is FINAL. 2b® This action is non-final. 

" 3)D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-21 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 11 December 2001 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)^3 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)D All b)D Some '^cjKTNoneot: ■ 

1 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 
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DETAILED ACTION 



Priority 

1 . Acknowledgment is made of applicant's claim for foreign priority based on an 
application filed in Japan on January 1 1 , 2001 . It is noted, however, that applicant has 
not filed a certified copy of the P2001-3603 application as required by 35 U.S.C. 1 19(b). 



Specification 

2. The disclosure is objected to because of the following informalities: 

a) The Examiner feels the word "sever" in the title should be "server". 

b) The "justified" format of the disclosure makes reading of the specification 
difficult (i.e. page 1 , Iine14). The Examiner suggests using a different type 
of format for the disclosure. 

Appropriate correction is required. 



3. The lengthy specification has not been checked to the extent necessary to 
determine the presehceof aii~possible-minGr-errors.-Applicant!s^oop_eration is 
requested in correcting any errors of which applicant may become aware in the 
specification. 
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Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 
that form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) The invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-8, 13-21, are rejected under 35 U.S.C. 102(e) as being anticipated 
by Uskela, U.S. Patent 6,721,886. 

6. In considering claims 1 and 4, Uskela teaches a server that provides services 
to clients connected to the server via a network, the server comprising: a public-key 
storage unit for storing public keys assigned to each service provided by the server, 
(col. 5, lines 6-16); a challenge generator for generating a challenge to be sent from the 
server to the client after the server receives a request for a service from the client, (col. 
~57iin~es^0-32);-an^ a corresponding public 
key, whether a prescribed relationship exists between the challenge transmitted to the 
client and a response to that challenge received from the client, (col. 5, lines 32-34); 
and a controlling unit, while authenticating access privilege of the client for a service 
provided by the server, for transmitting the challenge generated by the challenge 
generator to the client, (col. 5, lines 25-32); for receiving the response to that challenge 
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returned from the client, (col. 5, lines 32-34); for verifying, with an access privilege 
verifier using a public key assigned to the service and stored in the public-key storage 
unit, whether a prescribed relationship exists between the challenge and the response, 
(col. 5, lines 32-34); and for providing the service to the client only when the access 
privilege verifier successfully verifies the relationship, (col. 5, lines 34-36). 

7. In considering claims 2, 5, and 20, Uskela teaches a client that requests 
services from a server connected to the client via a network, the client comprising: a 
unique operation executor for executing a unique operation assigned to the client, (col. 
5, lines 20-32); an access privilege proving data storage unit for storing access privilege 
proving data created from a private key corresponding to a public key assigned to the 
requested service and the result of the unique operation, (col. 5, lines 20-32); a 
response generator for generating a response to a challenge received from the server 
by executing a prescribed calculation using the result of the unique operation and the 
access privilege proving data, (col. 5, lines 20-32); and a controlling unit, while proving 
to the server that the client owns the access privilege for the service provided by the 
server, for receiving theTchaii^ 

with the response generator, the response from (a) the challenge, (b) the result of the 
unique operation executed by the unique operation executor, and (c) the access 
privilege proving data stored in the access privilege proving data storage unit, (col. 5, 
lines 20-32); and for transmitting the created response to the server, (col. 5, lines 20- 
32). 
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8. In considering claims 3, 6, and 21 , Uskela teaches a client that requests 
services from a server connected the client via a network, comprising: a portable device 
connector for connecting to a portable device provided with a unique operation 
generator for executing unique operations, (col. 3, lines 31-56); an access privilege 
proving data storage unit for storing access privilege proving data created from a private 
key corresponding to a public key assigned to the requested service and the result of 
the unique operation assigned to the portable device, (col. 5, lines 20-32); a response 
generator for generating a response to a challenge received from the server by 
executing a prescribed calculation using the result of the unique operation and the 
access privilege proving data, (col. 5, lines 20-32); and a controlling unit, while proving 
to the server that the client owns the access privilege for the service provided by the 
server, for receiving the challenge from the server, (col. 5, lines 20-32); for generating, 
with the response generator, the response from (a) the challenge, (b) the result of the 
unique operation executed by the unique operation executor housed in the portable 
device connected to the portable device connector, and (c) the access privilege proving 

— data-stGred-in4he-3Ccess-priv.i!ege^^ ( col. 5, lines 20 -32); and 

for transmitting the created response to the server, (col. 5, lines 20-32). 

9. In considering claims 7 and 8, Uskela teaches the access privilege proving 
data storage unit included in the portable device connected to the portable device 
connector, (col. 5, lines 20-32). 
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10. In considering claim 13, Uskela teaches a server that provides services to 
clients connected to the server via a network, the server comprising: a script interpreter 
for interpreting script designed to control the contents of services that the server 
provides to clients and for controlling the operations of the server, (col. 4, lines 46-55); 
and a privilege authenticator for authenticating access privileges of the client when 
called by the script interpreter, (col. 3, line 63 through col. 4, line 15). 

11. In considering claims 14 and 15, Uskela teaches a challenge generator for 
generating a challenge to be sent from the server to the client, (col. 5, lines 20-32); and 
an access privilege verifier that uses a public key to verify a prescribed relationship 
between the challenge transmitted to the client and a response to that challenge 
returned from the client, (col. 5, lines 20-36); and the privilege authenticator receives a 
public key for authenticating privileges of the client when called by the script interpreter, 
transmits the challenge generated by the challenge generator to the client, receives a 
response to the challenge sent by the client, and verifies, using the received public key, 
-access-privileQes-oLthe,client_bv_ means of the acc gss^privjle ge verifier, (col . 5, lines 20- 
36). 

12. In considering claims 16 and 18, Uskela teaches a method executed in a 
server for providing services from the server to clients connected to the server via a 
network after verifying the access privileges of the clients for the services, public keys 
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being assigned in advance to respective services provided by the server, the method 
comprising the steps of: generating a challenge when a request for a service is received 
from a client and transmitting the challenge to the client, (col. 5, lines 20-32); receiving a 
response to the challenge returned from the client, (col. 5, lines 20-32); verifying that a 
prescribed relationship exists between the challenge sent to the client and the response 
received from the client using the public key assigned to the requested service, (col. 5, 
lines 32-34); and providing the requested service to the client only when the prescribed 
relationship exists, (col. 5, lines 34-36). 

13. In considering claims 17 and 19, Uskela teaches a method executed in a 
client for proving its access privilege for a server when requesting a service from a 
server connected to the client via a network, the client being in advance assigned with a 
unique operation, the requested service being in advance assigned with a public key, 
the client in advance receiving access privilege proving data for expressing the access 
privilege of the client for the service, the access privilege proving data being created 
.from a private key corresponding to a public key assigned to the service and the result 



of a unique operation assigned to the client, th^7h^th"odxomprising4he.steps^___ 
receiving a challenge from the server, (col. 5, lines 20-32); executing the unique 
operation assigned thereto, (col. 5, lines 20-32); generating a response based on the 
challenge received from the server, the result of the unique operation, and the access 
privilege proving data, (col. 5, lines 20-32); and transmitting the response to the server, 
(col. 5, lines20-32). 
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Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

15. Claims 9-12, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Uskela in view of Brown, U.S. Patent 6,487,667. 

16. In considering claims 9-12, although the teachings of Uskela disclose 
substantial features of the claimed invention, they fail to explicitly teach the server being 
a web server. 

Nevertheless, web servers were well known in the art at the time of the present 
invention. In a similar field of endeavor, Brown teaches a challenge-response technique 
Ihat'utiiizes keys correspAnding to web servers in granting access to the web servers, 
(col. 3, lines 29-65). " " — — 

Thus, it would have been obvious to a person of ordinary skill in the art at the 
time of the present invention to modify the teachings of Uskela to show the server being 
a web server, and the public keys stored in the public-key storage unit being assigned 
to individual web pages, or groups of web pages provided to the clients. This would 
have provided a reliable means for authenticating a client before allowing the client to 
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view individual web pages, or groups of web pages, Uskela, col. 1 , line 5 through col. 2, 
line 16. 

Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Wang et al., U.S. Patent 6,085,249, discloses a method and apparatus for 
transferring data from a web server in response to authentication information. 

Choi et al. WO 01/01644, discloses an apparatus for securing information 
transmitted between a mobile device and a web server. 

18. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Hassan Phillips whose telephone number is (571) 
272-3940. The examiner can normally be reached on M-F 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung can be reached on (571) 272-3939. The fax phone number for 
the organization^h^r^thls~app 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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